Attachment 5.8: The SAMA’s Preliminary Approach to IRB Recognition

No: BCS 290

Date(g): 12/6/2006 | Date(h): 16/5/1427

Effective from Jan 01 2008 - Dec 31 2007
To view other versions open the versions tab on the right

Background

1.	IRB systems are the cornerstone for calculating regulatory capital charges under the IRB Approach, as they form the basis of determining a borrower’s probability of default (“PD”) and, where applicable, two other risk components, namely, a facility’s loss given default (“LGD”) and exposure at default (“EAD”). As a consequence, validation of these three parameters, which are key inputs to the calculation of regulatory capital, and the underlying rating system is a major part of the IRB recognition process.
2.	It is useful to differentiate from the outset a bank’s internal IRB validation from the SAMA’s IRB recognition and ongoing monitoring (which refer to the SAMA’s first evaluation exercise and subsequent reviews). The primary responsibility for conducting internal validation to ensure the quality of a bank’s internal rating systems lies with its management.
3.	Explicit requirements in SAMA’s guidance paper “Minimum Requirements for Risk Quantification under IRB Approach” underline the need for banks to validate internal rating systems. Banks should demonstrate to SAMA that they can assess the performance of their internal rating and risk estimation systems consistently and meaningfully. More detailed requirements demand, for example, that realized default rates have to be within an expected range; that banks should use different quantitative validation tools; and that well-articulated internal standards should exist for situations where significant deviations occur between observed values of the key risk components and their estimates.
4.	The design of a validation methodology (Figure-1 Page 124) depends on the type of rating system and its underlying data. Rating systems can differ in various ways, depending on the borrower type, the materiality of the exposure, the dynamic properties of the estimation methodology (point-in-time versus through- the-cycle), and the availability of default data and external credit quality assessments (external ratings or vendor models). For example, the ratings for retail lending will typically be of a more quantitative nature, based on a rather large quantity of data. Sovereign ratings instead will typically put more emphasis on qualitative aspects because these borrowers are more opaque and default data are scarce.
5.	As a result, issues in relation to the internal IRB validation conducted by banks and the IRB recognition conducted by SAMA are relatively complex and require a good understanding of the rating system and its properties. Some of the issues are not currently well developed thus posing many challenges to both banks and supervisors. It is SAMA’s aim to work with banks to raise the standards of IRB recognition in Saudi Arabia. The following paragraphs set out the key components of IRB recognition to be conducted by SAMA.

	Key components of IRB recognition
6.	Figure 1 shows the key components of SAMA’s validation of IRB systems. The examination process mainly includes a review of the self-assessment questionnaires completed by a bank and an on-site examination to review both the technical details of the bank’s IRB systems/models and the risk management practices that govern the use of those systems/models.

	Qualitative aspects
7.	The qualitative aspects of the recognition process can be broken down into three areas:
	IRB coverage of assets – This should meet the criteria for transition to the IRB Approach.
	Rating system design - This involves evaluating the development of the rating method and monitoring of its ongoing performance. In the case of a model-based rating system, this includes a review of the economic plausibility of the risk factors and the treatment of problems in data quality. The stability of a rating system, whether based on expert judgment or models, is a central issue that can be analyzed (for example by looking at the rating migrations over time).

	Rating assignment process and the controls surrounding it -
	Important issues to be examined include the consistent application of a rating methodology across the bank and the requirement that these validation activities are subject to independent internal review. Underlying the controls should be adequate corporate governance and audit. Equally important are the transparency of the rating procedures and use of internal ratings, which should be supported by proper documentation. Use of internal ratings relates in particular to issues like internal reporting and how the rating system is being used by the credit officers. Furthermore, the rating system should be integrated into the bank’s policies and procedures, which deal with such aspects as the training of credit officers and specialists responsible for operating the rating system and measures to ensure a uniform application of the rating system across different branches and business units of the bank.
8.	Banks are expected to evaluate the above aspects in their self-assessment. SAMA will review banks’ self-assessment results, and check for compliance during the on-site visit based on the criteria for transition to IRB Approach and other requirements set out in the guidance paper “Minimum Requirements for Internal Rating Systems under IRB Approach”.

	Quantitative aspects – Banks’ internal validation
9.	SAMA considers that internal validation of the IRB Approach should be an integral part of a bank’s rating system architecture to provide reasonable assurances about its rating system. Banks adopting the IRB Approach should have a robust system in place to validate the accuracy and consistency of their rating systems, and the estimation of all relevant risk measures (i.e. PD/LGD/EAD). In addition, Banks should demonstrate the assessment of the discriminatory power (a measure of a rating system’s ability to distinguish between good and bad credits) of their rating systems (including credit scoring systems) based on quantitative methods.¹
10.	In the guidance paper “Minimum Requirements for Risk Quantification under IRB Approach”, it is proposed that the internal validation process should include review of rating system developments, ongoing analysis, and comparison of predicted estimates to actual outcomes (i.e. back-testing).

	Quantitative aspects – banks’ internal stress-testing
11.	For the purpose of assessment of capital adequacy using stress tests, it is proposed that a stressed scenario chosen by a bank should resemble the economic recession in Saudi Arabia. (see subsection 5.5 of “Minimum Requirements for Internal Rating Systems under IRB Approach” for details) entitled stress test.
12.	In reviewing the stress tests conducted by a bank, SAMA will have regard to the following:
	•	The complexity and level of risks of a bank’s activities;
	•	The adequacy of stress tests (e.g. stress scenarios and parameters chosen) employed by the bank in relation to its activities;
	•	The appropriateness of the assumptions used in the stress tests;
	•	The adequacy of the bank’s risk management policies and stress testing procedures;
	•	The level of oversight exercised by the Board and senior management on the stress-testing programme and results generated; and
	•	The adequacy of the bank’s internal review and audit of its stress testing programme.

	Quantitative aspects – data quality
13.	Another key component of an IRB system is an advanced data management system that produces credible and reliable risk information. The standard governing an IRB data maintenance system is that it should support the requirements for the other IRB system components, as well as the bank’s broader risk management and reporting needs. (See subsection of “Minimum Requirements for Internal Rating Systems under IRB Approach” for details.)
14.	The SAMA recognizes that the data quality challenge for IRB is significant. Perfection is therefore not its goal. The underlying requirement is that data should be fit for purpose. Banks are expected to produce information that is reliable and takes proper account of the different users of the information produced (the Board and senior management, customers, shareholders, regulators and other market participants).
15.	SAMA’s assessment of data accuracy and completeness will include an evaluation of the systems and controls that banks have in place to produce IRB information. SAMA will require that where an asset has a PD, LGD and EAD risk measure, this can be relied on and has been appropriately validated, captured and reported, both internally and externally.
16.	Banks are encouraged to develop automated data capture processes to safeguard the integrity of the calculation and reporting process with full and appropriate levels of documentation, suitably audited. Formal documentation should also be prepared for all manual or spreadsheet based approaches, including appropriate risk mitigating action taken.
17.	SAMA will require banks to self-assess against demonstrable measures (tests) on data quality as part of the overall approach to implementation of IRB. Banks should identify key risk areas in the regulatory capital calculation and underlying processes in relation to their data maintenance systems. SAMA will work with banks to establish a set of tests for assessing data quality, including the appropriate quantifiable measures that can truly reflect banks’ specific differences. It aims for a consistent approach for assessing data quality among banks through development of the set of tests, and allows banks the scope to tackle other areas of data quality in accordance with their internal priorities and scale of operations.
18.	Tests on data quality should be designed principally to cover the quality and integrity of the data, including associated risk controls, used in the capital calculation processes, and the integrity of the supporting processes themselves. The challenge will be for banks to demonstrate compliance with their internal policies in a quantitative way. In addition, there are some common tests that are appropriate for all banks, for example, that all areas of the balance sheet are appropriately covered in their data maintenance systems.

	Quantitative aspects – SAMA’s validation of PD/LGD//EAD estimates
19.	SAMA’s validation of PD/LGD//EAD estimates can be broken down into the two areas listed below:
	•	Back-testing means the use of statistical methods to compare estimates of the three risk estimates to realized outcomes. It is the empirical test of the accuracy and calibration of the estimates associated with borrower and facility ratings, respectively.
	•	Benchmarking refers to a comparison of internal estimates across banks and/or with external benchmarks (e.g. external ratings or vendor models used by banks).
20.	The data to perform comprehensive back-testing would not be available in the early stages of implementing an IRB system. This is due to the infrequency of default events and the impact of default correlation¹. Even if the data requirements of Basel II for the length of time series for the risk estimates are met, the explanatory power of statistical tests will still be limited. Therefore, statistical tests alone will be insufficient to establish supervisory acceptance of an internal rating system.
21.	Due to the limitations of using statistical tests to verify the accuracy of risk quantification, benchmarking can be a complementary tool for the validation and/or calibration of risk estimates. Benchmarking involves the comparison of a bank’s risk estimates to results from alternative sources. It is quite flexible in the sense that it gives banks and SAMA latitude to select an appropriate benchmark. An important technical issue is the design of the mapping from a bank’s estimates to the benchmark. Benchmarking can be a promising validation technique that would enable SAMA to make inferences about the characteristics of the internal rating system.
22.	Benchmarking may also from a part of the whole process of producing internally generated estimates from banks’ IRB systems. For example, banks could use external and independent references to calibrate their own IRB systems in terms of PD. Benchmarking internal risk estimates with external and independent risk estimates is implicitly given a special credibility, and deviations from this benchmark (in particular where the internal estimates are systematically lower than the benchmarking values) provide a reason to review the internal risk estimates.
23.	SAMA will work with individual banks to establish standards and techniques of benchmarking for validation purposes. It aims for a consistent approach among banks through development of such standards and techniques. The benchmarking techniques would largely be based on those used by banks internally. SAMA will also compare banks’ internal estimates of risk components (e.g. PD) across a panel. For example, it will compare PD estimates on corporates with respect to a peer group of banks. The main purpose of such comparison is to assess the correlation of the estimates or conversely the identification of potential “outliers” (e.g. variance analysis or robust regression) but not to determine if these estimates are accurate or not.
24.	If bank’s benchmarking is not sufficient to establish supervisory acceptance of its internal risk estimates (for example, the requirements regarding benchmarking set out in section 5 of “Minimum Requirements for Risk Quantification under IRB Approach” have not been met), the SAMA would consider to use supervisory benchmarking models as a complementary tool for the validation of the risk estimates. SAMA will let the bank understand the methodologies (including the theories and empirical data used) of the supervisory benchmarking models.

	Way Forward
25.	IRB validation and recognition should be understood as an ongoing process. As rating systems become more refined, the validation methodology will also develop. It will be useful for SAMA to monitor this process by staying in close contact with the banks. In addition, there are two areas where further action is warranted. One area concerns developments of qualitative and quantitative techniques and collection of historical data that are necessary for estimation and validation. This is the responsibility of banks.
26.	The other area is further guidance on the implementation of the IRB minimum requirements. In particular, the requirements for the estimation of the three risk components, which will have a strong impact on the validation/recognition methodology, are not yet fully understood by banks. Providing on-going guidance to banks is the foremost responsibility of SAMA.

¹ Due to correlation between defaults in a portfolio, observed default rates can systematically exceed the critical PD values if these are determined under the assumption of independence of the default events.

Soft Launch